
November 8, 2019

Is your security architecture as useless as tits on a boar hog?

One of the other big problems I see when I’m working with clients and customers is a lack of discipline in how they structure their risk assessments. They’re all over the place, and they smack of all the problems we talk about during the SABSA Foundation course:

They’re highly subjective

They vary greatly in structure and scope

They aren’t well targeted

The scenarios are insanely complex

And the ultimate example of this is the type of risk scenario that’s basically best read with the R.E.M. song playing in the background…

“An attacker uses a tinfoil hat, a coat hanger and your grandmother’s cat to compromise the dishwasher in the canteen which is somehow connected to the financial accounting system and results in them transferring 100 billion dollars into their personal bank account, causing the company to go bankrupt, cats and dogs to live together, and the general end of the world as we know it takes place. So long, and thanks for all the fish.”

Aaaaannndddd I feeeeeeel fiiiiiiiiiiiinnnnnneeee.

So here’s a solution to that nonsense. The mystery final bonus is an augmented version of the VERIS threat taxonomy, mapped to the Baseline Perspectives, the Reference Architecture Attributes and a few examples on how to model end-to-end threat scenarios with ASML™ that show the targeted domains and attributes and the relevant controls that probably do the business of mitigating most of what happens.

This is Bonus #5 of the whole package of how to build better security programs through actionable architecture and the principles and habits you need to develop to actually get it done.

It’s all presented in detail in the book The Definitive Guide to The Agile Security System™ that you can get right now for $247 by using this link:

…which is still a bit of an if…since we haven’t yet quite gotten across the line with the target pre-orders…

…if the stars align and enough people think this is worthwhile, it’ll ship in mid-January with a $497 price tag—for exactly the same stuff you can get for a few more hours for almost half that.

Assuming we get the orders, the price goes up tomorrow by over $100.

And if we don’t, then I get to refund everyone else’s money.

By the time you read this, we’re probably talking 1…or maybe 2 orders remain to make this whole thing come alive and see the light of day.

Basically, it’s everything I’ve learned in 14 years applying SABSA in real organizations for real projects and advising consulting customers and coaching clients around the world what to do to make this stuff work to build better, more aligned, and therefore, more effective security programs.

If you want the inside scoop on the architecture and security program poop, then here’s the link again:

I’m out to make a difference in the lives, careers and security programs for those people who want to strive to do their best work. If what I’ve learned across technology, startups, sales, marketing and living and working around the world can help move that objective forward, then that’s good enough for me.

Stay safe,

ast
—
Andrew S. Townley
Archistry Chief Executive

P.S. And if you’re interested in subscribing to the monthly print Security Sanity™ newsletter where The Agile Security System™ first appeared, you can start with the next issue here: https://securitysanity.com
